Re: Problems with syncronism between Fedora-DS and Samba


 



On 3/9/07, Agnaldo Freitas <agnaldofreitas@xxxxxxxxxxx> wrote:
> 1 - [root@netuno1 ~]# passwd samuel
>
> Changing password for user samuel.
> Enter login(LDAP) password:
> New UNIX password:
> Retype new UNIX password:
> LDAP password information changed for samuel
> passwd: all authentication tokens updated successfully.
>
> Why is this line "Enter login(LDAP) password:" shown, if it is root that is
> changing samuel's password? It does not happen when the user is from
> /etc/passwd!

I think that it's asking for root's password to bind to the LDAP
directory.  If you set the rootbinddn parameter in /etc/ldap.conf and
create /etc/ldap.secret (mode 600) containing the root DN's password,
then that message should go away.

Note that the passwd command won't update Samba passwords stored in
LDAP.  There has been talk of adding a plugin to FDS to let it
automatically synchronize Samba passwords when it receives a password
change, but I don't think that's been done.

> 2 - Depending on the pam_password (howto:wiki suggests exop) parameter,
> smbpasswd fails:
>
> [root@netuno1 ~]# smbpasswd samuel
> ldapsam_modify_entry: LDAP Password could not be changed for user samuel:
> Confidentiality required
>         Operation requires a secure connection.
>  ldapsam_update_sam_account: failed to modify user with uid = samuel, error:
> Operation requires a secure connection.
>  (Success)
>  Failed to modify entry for user samuel.
>  Failed to modify password entry for user samuel
>
> 3 - When a user tries to change his password using CTRL + ALT + DEL from
> Windows, after typing the passwords:
>
> If ldap passwd sync = yes is set in /etc/samba/smb.conf, it returns the
> message: current password or user's name is incorrect. On the other hand,
> if unix password sync = yes (password chat ...) is set, it returns the
> message: you do not have permission to modify the password, and only the
> samba passwd is changed (in both cases). I need userPassword for single
> sign on because I use other services.
>
> Why does smbldap-passwd always run OK from the prompt and not from the
> password program parameter?!

I haven't used smbldap-passwd, so I can't really help you there.
Using "ldap passwd sync" instead of "unix password sync" should work.

Did you make sure to set your root DN password in Samba by running
"smbpasswd -W"?

We're using a setup very similar to yours (Samba PDC, FDS with simple
bind), and here are the settings that we're using.  In
/etc/samba/smb.conf:

passdb backend = ldapsam:"ldaps://ldapserver.example.com/"
ldap admin dn = "cn=Directory Manager"
ldap suffix = "dc=example,dc=com"
ldap password sync = yes

In /etc/ldap.conf:
pam_password md5

Then run "smbpasswd -W" to let Samba store the admin DN / root DN.

We don't use passwd chat or exop.

Your problems in #2 and #3 sound like more of a Samba issue than an
FDS issue.  I'll be glad to answer any questions I can, but if you
continue to have trouble, you might have better luck on the Samba
mailing list.

Josh Kelley

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
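
An added example, not part of the original message or of Samba/FDS: a small Python check of the settings recommended in the reply above (ldaps:// backend, ldap passwd sync, admin DN, rootbinddn with a mode-600 secret file). The function names and the constructed sample input are assumptions made for illustration.

```python
import os
import stat

def parse(text, sep):
    """Return {key: value}; sep='=' for smb.conf, None (whitespace) for ldap.conf."""
    out = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[":
            continue  # skip blanks, comments and [section] headers
        parts = line.split(sep, 1)
        if len(parts) == 2:
            out[" ".join(parts[0].lower().split())] = parts[1].strip()
    return out

def audit(smb_text, ldap_text, secret_path):
    """List deviations from the settings recommended in the reply."""
    smb, ldap = parse(smb_text, "="), parse(ldap_text, None)
    findings = []
    backend = smb.get("passdb backend", "").strip('"')
    if not backend.startswith("ldapsam:"):
        findings.append("passdb backend is not ldapsam")
    elif "ldaps://" not in backend:
        findings.append("ldapsam URL is not ldaps://; password changes can "
                        "fail with 'Confidentiality required'")
    # "ldap password sync" is the spelling used in the reply's smb.conf
    sync = smb.get("ldap passwd sync", smb.get("ldap password sync", "no"))
    if sync.lower() != "yes":
        findings.append("ldap passwd sync is not yes")
    if "ldap admin dn" not in smb:
        findings.append("ldap admin dn is not set (needed for smbpasswd -W)")
    if "rootbinddn" not in ldap:
        findings.append("rootbinddn is not set in ldap.conf")
    else:
        try:
            mode = stat.S_IMODE(os.stat(secret_path).st_mode)
            if mode & 0o077:  # any group/other permission bit
                findings.append("secret file mode is %o, expected 600" % mode)
        except FileNotFoundError:
            findings.append("rootbinddn is set but the secret file is missing")
    return findings

if __name__ == "__main__":
    # Constructed sample input: plain ldap:// and no admin DN or rootbinddn.
    weak_smb = "[global]\npassdb backend = ldapsam:ldap://ldapserver.example.com/\n"
    for finding in audit(weak_smb, "pam_password exop\n", "/nonexistent/ldap.secret"):
        print("FINDING:", finding)
```

On a real host, pass the contents of /etc/samba/smb.conf and /etc/ldap.conf and the path /etc/ldap.secret.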
